/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk;


import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;


/**
 * Error codes specific to OpenID Connect authentication responses.
 *
 * <p>Each constant pairs a fixed error code with a fixed, human-readable
 * description and the {@link HTTPResponse#SC_FOUND} status. Both strings
 * are literals; nothing taken from a request is echoed into them here.
 *
 * <p>NOTE(review): the {@code SC_FOUND} status suggests these errors are
 * meant to be delivered by redirecting the user agent back to the client.
 * Whether the redirection URI has been validated before such a redirect
 * is issued is decided by the caller and is not visible in this class.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.1.2.6.
 * </ul>
 */
public final class OIDCError {


	// Authentication endpoint

	/**
	 * End-user interaction of some form is needed before the
	 * authorisation server can proceed. May be returned when the
	 * {@link Prompt} parameter of the {@link AuthenticationRequest} is
	 * {@link Prompt.Type#NONE none}, i.e. the server was asked not to
	 * display any user interface, yet the request cannot be completed
	 * without one.
	 */
	public static final ErrorObject INTERACTION_REQUIRED =
		foundError("interaction_required", "User interaction required");


	/**
	 * End-user authentication is needed. May be returned when the
	 * prompt parameter of the {@link AuthenticationRequest} is
	 * {@link Prompt.Type#NONE}, i.e. the server was asked not to display
	 * any user interface, yet the request cannot be completed without
	 * showing one to authenticate the user.
	 */
	public static final ErrorObject LOGIN_REQUIRED =
		foundError("login_required", "Login required");


	/**
	 * The end-user has to pick a session at the authorisation server.
	 * The end-user may be authenticated with several associated
	 * accounts but did not select one. May be returned when the prompt
	 * parameter of the {@link AuthenticationRequest} is
	 * {@link Prompt.Type#NONE}, i.e. the server was asked not to display
	 * any user interface, yet the request cannot be completed without
	 * prompting for the session to use.
	 */
	public static final ErrorObject ACCOUNT_SELECTION_REQUIRED =
		foundError("account_selection_required", "Session selection required");


	/**
	 * End-user consent is needed. May be returned when the prompt
	 * parameter of the {@link AuthenticationRequest} is
	 * {@link Prompt.Type#NONE}, i.e. the server was asked not to display
	 * any user interface, yet the request cannot be completed without
	 * showing one to obtain consent.
	 */
	public static final ErrorObject CONSENT_REQUIRED =
		foundError("consent_required", "Consent required");


	/**
	 * The {@code request_uri} of the {@link AuthenticationRequest}
	 * returned an error or invalid data.
	 *
	 * <p>NOTE(review): this implies the {@code request_uri} is
	 * dereferenced somewhere upstream of this constant. Fetching a
	 * client-supplied URI is an outbound-request surface; where the
	 * fetch is restricted (for example to pre-registered URIs) is not
	 * visible here and should be confirmed in the caller.
	 */
	public static final ErrorObject INVALID_REQUEST_URI =
		foundError("invalid_request_uri", "Invalid OpenID request URI");


	/**
	 * The {@code request} parameter of the {@link AuthenticationRequest}
	 * carries an OpenID Connect request object that is not valid. Which
	 * checks lead to this error is decided by the caller.
	 */
	public static final ErrorObject INVALID_REQUEST_OBJECT =
		foundError("invalid_request_object", "Invalid OpenID request JWT");


	/**
	 * The {@code registration} parameter of the
	 * {@link AuthenticationRequest} is not supported. Applies to
	 * self-issued OpenID providers only.
	 */
	public static final ErrorObject REGISTRATION_NOT_SUPPORTED =
		foundError("registration_not_supported", "Registration parameter not supported");


	/**
	 * The {@code request} parameter of the
	 * {@link AuthenticationRequest} is not supported.
	 */
	public static final ErrorObject REQUEST_NOT_SUPPORTED =
		foundError("request_not_supported", "Request parameter not supported");


	/**
	 * The {@code request_uri} parameter of the
	 * {@link AuthenticationRequest} is not supported.
	 */
	public static final ErrorObject REQUEST_URI_NOT_SUPPORTED =
		foundError("request_uri_not_supported", "Request URI parameter not supported");


	/**
	 * Creates an error object carrying the {@link HTTPResponse#SC_FOUND}
	 * status that every constant in this class shares.
	 *
	 * @param code        The error code.
	 * @param description The human-readable error description.
	 *
	 * @return The error object.
	 */
	private static ErrorObject foundError(final String code, final String description) {

		return new ErrorObject(code, description, HTTPResponse.SC_FOUND);
	}


	/**
	 * Not instantiable: the class only holds constants.
	 */
	private OIDCError() { }
}